﻿Imports System.Data.SqlClient

Public Class UserLogin
    Inherits System.Web.UI.Page
    Private objrd As SqlDataReader = Nothing
    Private objexecute As New GetData
    Private sSQL As String
    Private ps As New PreparedStatement(sSQL)
    Dim strErr As String = ""

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Request("btnSubmit") <> Nothing And Request("btnSubmit") <> "" Then
            Exit Sub
        End If
        If Request("email") <> Nothing And Request("email") <> "" Then
            ps.addParameter("email", Request("email"))
            sSQL = "select *  from  member where email=@email"
            ps.strSql = sSQL
            Dim conn As SqlConnection = objexecute.getConn()

            objrd = objexecute.dr(ps, strErr, conn, objrd)
            If Not objrd.Read() Then
                lblError.Text = ""
                lblError.Text = "the id is not existed"
                objexecute.closeConn(conn)

                Exit Sub
            End If
            Dim strPwd, pwd As String
            strPwd = objrd("password").ToString()
            Dim sh As New SHA1
            pwd = sh.mySHA(Request("pwd"))
            If pwd = strPwd Then
                lblError.Text = ""

                Session("uid") = objrd("GAPortal_ID").ToString()
                Session("cid") = objrd("company_ID").ToString()
                Response.Redirect("members/members-home.aspx")
            Else
                lblError.Text = ""
                lblError.Text = "password is wrong"
                objexecute.closeConn(conn)

                Exit Sub
            End If
            objexecute.closeConn(conn)

            Exit Sub
        End If
        Dim aCookie As HttpCookie = Request.Cookies("userInfo")
        If aCookie Is Nothing Then
            Exit Sub
        End If
        txtUID.Text = aCookie.Values("userName")
        passwordMemory.Checked = True
    End Sub

    Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
        Dim email, pwd, strPwd, uid, cid As String

        email = txtUID.Text
        pwd = txtPwd.Text
        If email = "" Then
            lblError.Text = ""
            lblError.Text = "Please enter the login id"
            Exit Sub
        End If
        ps.addParameter("email", email)
        sSQL = "select *  from  member where email=@email"
        ps.strSql = sSQL
        Dim conn As SqlConnection = objexecute.getConn()

        objrd = objexecute.dr(ps, strErr, conn, objrd)
        If Not objrd.Read() Then
            lblError.Text = ""
            lblError.Text = "the id is not existed"
            objexecute.closeConn(conn)

            Exit Sub
        End If
        uid = objrd("GAPortal_ID").ToString()
        cid = objrd("company_ID").ToString()
        strPwd = objrd("password").ToString()
        Dim sh As New SHA1
        pwd = sh.mySHA(pwd)
        objexecute.closeConn(conn)

        If pwd = strPwd Then
            lblError.Text = ""
            If passwordMemory.Checked = True Then
                Response.Cookies("userInfo")("userName") = txtUID.Text
                Response.Cookies("userInfo").Expires = DateTime.Now.AddDays(30)
            End If
            Session("uid") = uid
            Session("cid") = cid
            Response.Redirect("members/members-home.aspx")
        Else
            lblError.Text = ""
            lblError.Text = "password is wrong"
            Exit Sub
        End If
    End Sub
End Class